Critical Security Update: Directorist WordPress Plugin Patches Two High-risk Vulnerabilities

Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code with the objective of finding methods to bypass authentication and gain elevated privileges in WordPress plugins so we can help developers patch these vulnerabilities before threat actors can exploit them.

One such plugin we examined recently is Directorist, a popular tool used by over 10,000 WordPress sites to manage directory listings and …

authentication bypass code critical developers discover dive ecosystem high intelligence patch patches plugin plugins privileges report risk security security update team threat threat intelligence update vulnerabilities wordpress wordpress plugin wordpress plugins work